Lucene search

PRIOn knowledge basePRION:CVE-2010-1128

HistoryMar 26, 2010 - 8:30 p.m.

Design/Logic Flaw

2010-03-2620:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

CPENameOperatorVersion
phpeq5.2.9
phpeq5.2.7
phpeq5.2.2
phpeq5.2.5
phple5.2.12
phpeq5.2.11
phpeq5.2.6
phpeq5.2.3
phpeq5.2.0
phpeq5.2.4

Name	Operator	Version
php	eq	5.2.9
php	eq	5.2.7
php	eq	5.2.2
php	eq	5.2.5
php	le	5.2.12
php	eq	5.2.11
php	eq	5.2.6
php	eq	5.2.3
php	eq	5.2.0
php	eq	5.2.4

Rows per page:

1-10 of 131

References

secunia.com/advisories/38708

secunia.com/advisories/42410

www.php.net/ChangeLog-5.php

www.php.net/releases/5_2_13.php

www.redhat.com/support/errata/RHSA-2010-0919.html

www.securityfocus.com/bid/38430

www.vupen.com/english/advisories/2010/0479

www.vupen.com/english/advisories/2010/3081

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for PRION:CVE-2010-1128